package com.foreveross.project.usercenterserver.oauth2.service.impl;

import com.foreveross.project.usercenterserver.oauth2.service.RbacAuthorityService;
import com.foreveross.project.usercenterserver.security.UserInfo;
import lombok.extern.slf4j.Slf4j;
import org.casbin.jcasbin.main.Enforcer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

@Service("rbacauthorityservice")
@Slf4j
public class RbacAuthorityServiceImpl implements RbacAuthorityService {

    @Autowired
    private Enforcer enforcer;

    @Autowired
    TokenStore tokenStore;


    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
         String userName = (String)authentication.getPrincipal();
       // Object userName = authentication.getPrincipal();
        if (!userName.equalsIgnoreCase("anonymousUser")) {
            OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
            OAuth2AccessToken auth2AccessToken = tokenStore.readAccessToken(details.getTokenValue());
            //String accountOpenCode = (String)auth2AccessToken.getAdditionalInformation().get("accountOpenCode");
            Map<String, Object> stringObjectMap = auth2AccessToken.getAdditionalInformation();
            String clientId = (String) stringObjectMap.get("clientId");
            String userId = (String) stringObjectMap.get("userId");
            //Object decodedDetails = details.getDecodedDetails();
            //Object credentials = authentication.getCredentials();
            //Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            boolean hasPermission = false;
            String path = request.getRequestURI();
            String method = request.getMethod();
            //重新加载规则
            enforcer.loadPolicy();
            List<List<String>> policy = enforcer.getPolicy();
            System.out.println(policy);
            hasPermission = enforcer.enforce(userName, clientId, path, method);
            if (hasPermission) {
                //设置用户信息
                request.getSession().setAttribute("userName", userName);
                request.getSession().setAttribute("userId", userId);
                request.getSession().setAttribute("clientId", clientId);
                return true;
            } else {
                return false;
            }
        } else {
            System.out.println("没权限.....");
            return false;
        }

    }


}
